Hi,

RFC6844 defines a method by which domain owners can limit the CA allowed to issue certificates for their domain. As far as I can tell this isn't widely implemented in DNS daemons (KnotDNS and Bind9 [urgh] do have support though). Is this something that might make sense to include in the MTA-STS document?

I.e. one could effectively restrict validation to a certain CA (say, for example, Let's Encrypt). I'd appreciate input on that one from implementers and operators. Is this used in practice? Does it work?

Thank you,
Aaron
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
